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DETAILED ACTION 

1. This office action is in response to request for reconsideration, and amendment filed on 
May 16, 2005. Original application contained Claims 1-24. Applicant previously amended 
Claims 1, 4-7, 10-17, 18, 21-24, and cancelled Claims 16, and 20. Applicant previously added 
new Claims 25-28. Applicant currently amended Claims 1,12, 13, 15, 17, 23, and 24. The 
amendment filed have been entered and made of record. Presently pending claims are 1-15, 17- 
19, and 21-28. 

Continued Examination Under 37 CFR LI 14 
1 . A request for continued examination under 37 CFR 1.114, including the fee set forth in 
37 CFR 1 .17(e), was filed in this application after final rejection. Since this appHcation is 
eligible for continued examination under 37 CFR 1 . 1 14, and the fee set forth in 37 CFR 1 .17(e) 
has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 
37 CFR 1.114. 

Applicant's submission filed on May 16, 2005 has been entered. 
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Response to Arguments 

Applicants arguments filed on May 16, 2005 have been fully considered but they are not. 
persuasive because of the following reasons: 

Regarding independent and dependent Claims 1-6, 10-13, 15-17, and 20-24 applicants 
argued, generating fictitious computer file system content.., located outside the deception 
environment, intentionally introducing spelling or grammatical errors, and ''relative 
probability of occurrence 

This is not found persuasive. The system of cited prior arts (CPA) [Bernardo et al. (U.S. 
Patent No. 6,247,032), Kelley (U.S. Patent No. 4,719,566)] clearly teach system and method of 
a software tool to use with a computer system for simplifying the creation of Web sites (such as 
file system). The tool comprises a plurality of pre-stored templates, comprising HTML 
formatting code, text, fields and formulas. The templates preferably correspond to different 
types of Web pages and other features commonly found on or available to Web sites. An 
approval module designates an approval criterion to be satisfied before the content is published 
on the web site. A designation module designates specified collaborators from the database of 
users. A schedule module sets the schedule to route the contents of created web site to specified 
collaborators, A building module builds the web site, based on the contents and specified 
features. An approval determination module determines whether approval criterion is satisfied. 
A posting module posts the contents of web site, based on satisfaction of approval criterion. All 
unauthorized access is actually connected to a false target, which continues a communication 
mode with the user. Because the user is bound to a false partition or interface and access paths 
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to other partitions are blocked complete security may be preserved. Thus, by logging all 
messages and sending alerts and selected messages from the false interface to a security 
monitor, an improvement in the ability to locate those attempting system penetration is made by 
creating a more extensive audit trail and holding them on the line, so to speak, than would 
otherwise be available. This audit trail in the false interface would be clear evidence of 
unauthorized access and provide a significant deten'ent to unauthorized access by those aware 
of its installation. 

As a result, the system of cited prior ait(s) does implement and teaches a system and 
method for generating (fictitious) content for a computer to deceive attackers into believing they 
have gained access to a true computer system, without actually allowing them to gain access to 
true files, and to monitor such attackers, without their knowing, to facilitate efforts to improve 
security measures and identify attackers. 

Applicants clearly have failed to explicitlv identify specific claim limitations, which 
would define a patentable distinction over prior arts. 

The examiner is not trying to teach the invention but is merely trying to interpret the 
claim language in its broadest and reasonable meaning. The examiner will not interpret to read 
narrowly the claim language to read exactly from the specification, but will interpret the claim 
language in the broadest reasonable interpretation in view of the specification. Therefore, the 
examiner asserts that the system of cited prior arts does teach or suggest the subject matter 
broadly recited in independent Claims and in subsequent dependent Claims. Accordingly, 
rejections for claims 1-15, 17-19, and 21-28 are respectfrilly maintained. 
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Claim Rejections - 35 VSC §103 

1. The following is a quotation of 35 U.S. C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in 
section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are 
such that the subject matter as a whole would have been obvious at the time the invention was made to a person 
having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the 
manner in which the invention was made. 

2. Claims 1-6, 10-13, 15-17, and 20-24 rejected under 35 U.S.C. 103(a) as being 
unpatentable over Bernardo et al. U.S. Patent No. 6,247,032 ('Bernardo' hereinafter) in view of 
Kelley U.S. Patent No. 4,719,566. 

With respect to claim 1, Bernardo teach a method for generating computer file system content for 
a computing system configured to provide (see abstract; col. 2, lines 33-37), to an intruder who 
has gained or is attempting to gain unauthorized access to a network with which the computing 
system is associated, a deception environment in which the intruder is allowed to access at least 
part of the generated fictitious computer file system content to keep the intruder fi-om gaining 
access to a protected network resources located outside the deception environment, , comprising: 

creating a plurality of template (see col. 2, lines 44-67 to col. 3, lines 1-5); 

providing a collection of data items available to be inserted into the templates (see col. 2, 
lines 44-67 to col. 3, lines 1-5); 

selecting one or niore of said templates; and for each template selected automatically 
selecting at least one data item fi-omthe collection (col.5 line 55 to col.6 line 20); and 

populating the template with at least one data item form the collection (see col. 3, lines 

17-35); 

Bernardo do not explicitly disclose generating fictitious content. 
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Kelley discloses generating fictitious content wherein the fictitious computer file system 
content is suitable for use in a deception environment in which the intruder is allowed to access 
at least part of the generated fictitious computer file system content to keep the intruder fi-om 
gaining access to a protected network resources located outside the deception environment (see 
abstract; and col. 1, line 66 to col.2 line 31, and col. 4 line 59 to line 62). 

It would have been obvious to one of ordinary skill in the art at the time the invention 
was made to combine the teachings of Kelley within the system of Bernardo to arrive at the 
invention as claimed because both references are direct to generating computer file system 
content, and the implementation of generating fictitious file system content would prevent an 
attacker seeking to gain unauthorized access to a computer or computer network by luring the 
would be attacker to non working files, further increasing the level of security of the network by 
letting only authorized users to access the network. It would have been obvious to a person of 
ordinary skill in the art to extend the capability of the network by incorporating the fictitious 
generating content feature of Kelley to improve the security and versatility of the combined 
system. 

3. Claim 2 rejected as above in rejecting claim 1 , wherein the collection of data items 
comprises one or more names (see col. 7, lines 18-36). 

4. Claim 3 rejected as above in rejecting claim 1, wherein the collection of data items 
comprises one or more dates (see col. 7, lines 18-63), 

5. Claim 4 rejected as above in rejecting claim 1, wherein at least one template is an e-mail 
message requiring at least one item of data to be complete (see col. 7, lines 18-36). 
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6. Claim 5 rejected as above in rejecting claim 1, wherein at least one template is a word 
processing document requiring at least one item of data to be complete (see col 1, lines 42-61). 

7. Claim 6 rejected as above in rejecting claim 1, wherein at least one template is a 
spreadsheet requiring at least one item of data to be complete (see coL 1, lines 42-61). 

8. Claim 10 rejected as above in rejecting claim 1, wherein for at least one selected template 
the step of populating comprises correlating a random number to an item of data in the collection 
(see col. 7, lines 18-36). 

9. Claim 1 1 rejected as above in rejecting claim 1 , wherein for at least one selected template 
the step of populating comprises inserting an item of data into the template (see col. 7, lines 18- 
36). 

10. Claims 12, 13, and 15 are rejected apphed as above rejecting Claim 1. Furthermore, the 
system of Bernardo and Kelley teaches 

intentionally including at least one spelling error in at least one template, altering at least 
one populated template to introduce at least one spelling error, and introducing at least one 
grammatical error into at least one populated template to make the deception environment appear 
more realistic by ensuring that at least some of the generated file system content is not entirely 
free of spelling and grammatical errors (see col. 2, lines 44-62, and col. 3, lines 17-35). 

1 1 . Claim 17 rejected as above in rejecting claim 1, wherein for at least one selected 
template, selecting the at least one data item is based at least in part on the relative probability of 
occurrence of the at least one data item to make the deception environment more realistic by 
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ensuring that data items occur with the frequency one would expect in real, non-deception 
computing environment associated with network (see col. 7, lines 18-36). 

12. Claim 21 rejected as above in rejecting claim 1, further associating a probability of 
occurrence with each template and wherein the step of selecting comprises selecting one or more 
of said templates is based at least in part on the associated probability of occurrence (see col. 7, 
lines 18-63). 

13. Claim 22 rejected as above in rejecting claim 1, wherein at least one template requires 
that at least two items of data be compatible with one another (see col. 7, lines 18-63). 

14. With respect to claim 23, Bernardo teach a system for generating computer file system 
content for a computing system configured to provide (see abstract; col 2, lines 33-37), to an 
intruder who has gained or is attempting to gain unauthorized access to a network with which the 
computing system is associated, a deception envii'onment in which the intruder is allowed to 
access at least part of the generated fictitious computer file system content to keep the intruder 
from gaining access to a protected network resources located outside the deception environment, 
comprising: 

a computer configured to: (see coL 3, lines 17-35); 

select one or more of a plurality of templates; and for each template selected 
automatically select at least one data item from a collection of data items available to be inserted 
into the template (col. 5 line 55 to col6 line 20); and 

populate the template with at least one data item from the collection (see col. 3, lines 17-35); and 
a database configured to store the collection (see col. 7, lines 18-63); 
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wherein the computer includes memory configured to store the populated template in a 
file system (see col. 7, lines 18-63); 

Bernardo do not explicitly disclose generating fictitious content. 

Kelley discloses generating fictitious content wherein the fictitious computer file system 
content is suitable for use in a deception environment in which the intruder is allowed to access 
at least part of the generated fictitious computer file system content to keep the intruder fi-om 
gaining access to a protected network resources located outside the deception environment (see 
abstract; and col. 1, line 66 to col. 2 line 31, and col. 4 line 59 to line 62). 

It would have been obvious to one of ordinary skill in the art at the time the invention 
was made to combine the teachings of Kelley within the system of Bernardo to arrive at the 
invention as claimed because both references are direct to generating computer file system 
content, and the implementation of generating fictitious file system content would prevent an 
attacker seeking to gain unauthorized access to a computer or computer network by luring the 
would be attacker to non working files, further increasing the level of security of the network by 
letting only authorized users to access the network. It would have been obvious to a person of 
ordinary skill in the art to extend the capability of the network by incorporating the fictitious 
generating content feature of Kelley to improve the security and versatility of the combined 
system. 

15. With respect to claim 24, Bernardo teach a computer program product for generating file 
system content for a computing system configured to provide (see abstract; col. 2, lines 33-37), 
to an intruder who has gained or is attempting to gain unauthorized access to a network with 
which the computing system is associated, a deception environment in which the intruder is 
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allowed to access at least part of the generated fictitious computer file system content to keep the 
intruder from gaining access to a protected network resources located outside the deception 
environment, the computer program product being embodied in a computer readable medium 
and comprising computer instructions for: 

selecting one or more of a plurality of templates; and for each template selected: 
automatically selecting at least one data item from a collection of data items available to be 
inserted into the template (see col. 2, lines 44-67 to col. 3, lines 1-5, and col. 5 line 55 to col.6 
line 20); and populating the template with at least one data item from the collection (see col. 3, 
lines 17-35); and 

a database configured to store the collection (see col. 7, lines 18-63); 
wherein the computer includes memory configured to store the populated template in a 
file system (see col. 7, lines 18-63); 

Bernardo do not explicitly disclose generating fictitious content. 

Kelley discloses generating fictitious content wherein the fictitious computer file system 
content is suitable for use in a deception environment in which the intruder is allowed to access 
at least part of the generated fictitious computer file system content to keep the intruder from 
gaining access to a protected network resources located outside the deception environment (see 
abstract; and col 1, line 66 to col.2 line 31, and col. 4 line 59 to line 62). 

It would have been obvious to one of ordinary skill in the art at the time the invention 
was made to combine the teachings of Kelley within the system of Bernardo to arrive at the 
invention as claimed because both references are direct to generating computer file system 
content, and the implementation of generating fictitious file system content would prevent an 
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attacker seeking to gain unauthorized access to a computer or computer network by luring the 
would be attacker to non working files, further increasing the level of security of the network by 
letting only authorized users to access the network. It would have been obvious to a person of 
ordinary skill in the art to extend the capability of the network by incorporating the fictitious 
generating content feature of Kelley to improve the security and versatility of the combined 
system. 

16. Claims 25-28 are rejected applied as above rejecting claim 1 . Furthermore, the system of 
Bernardo and Kelley teaches a system and method for generating fictitious content to deceive 
attackers, wherein: the collection includes at least one data item that is not fictitious (Bernardo: 
col. 5 line 55 to coL6 hne 20), the deception environment is: on a server, on a PC, and part of a 
trap system (Bernardo: Fig. 1-2, Col2 line 28 to line 37, and Kelly: Fig, 1-2, col.3 line 25 to line 
65). 

17. Claims 7-9, 14 and 18-19 rejected under 35 U.S.C. 103(a) as being unpatentable over 
Bernardo et al. U,S, Patent No. 6,247,032 ('Bernardo' hereinafter) in view of Kelley U.S. Patent 
No. 4,719,566, in further view of Colvin, Sr. U.S. Patent No. 6,041,123 ('Colvin' hereinafter). 
17. Claim 7 rejected as above in rejecting claim 1, and Bernardo in view of Kelley teach all 
the limitations set forth above in claim 1 . 

Bernardo and Kelley do not explicitly disclose the step of populating comprises receiving 
a number fi om a random number generator. 

Colvin disclose a random number generator (see col. 5, lines 22-25; col. 6, lines 60-67). 
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It would have been obvious to one of ordinary skill in the art at the time the invention 
was made to combine the teachings of Colvin within the combined system of Bernardo and 
Kelley to arrive at the invention as claimed because the references are direct to generating 
computer file system content, and the implementation of a random number generator would 
enable the network system to determine the intervals at which additional file content is 
generated, further increasing the level of security by providing a more realistic deception 
environment, furthermore improving the versatility of the combined systems. 

18. As to claim 8, Bernardo and Kelley do not explicitly show a pseudo random number 
generator. However, Colvin teaches a pseudo random number generator (see col. 5, lines 22-25; 
col. 6, lines 60-67). It would have been obvious to one of ordinary skill in the art at the time the 
invention was made to combine Bernardo in view of Kelley in further view of Colvin for the 
same reasons set forth in claim 7 above. 

19. As to claim 9, Bernardo and Kelley do not expHcitly show a pseudo random number 
generator employs a unique key to generate numbers. However, Colvin teaches a pseudo 
random number generator employs a unique key to generate numbers (see col. 6, lines 60-67 to 
col. 7, lines 1-5). It would have been obvious to one of ordinary skill in the art at the time the 
invention was made to combine Bernardo in view of Kelley in further view of Colvin for the 
same reasons set forth in claim 8 above. 

29. Claim 14 rejected as above in rejecting claim 13, and Bernardo and Kelley teach all the 
limitations set forth above as indicated in claim 13. 
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Bernardo and Kelley do not explicitly disclose wherein the step of populating comprises 
receiving a number from a random number is used to determine what the least spelling error will 

be. 

Colvin disclose a random number (see col. 5, lines 22-25; col 6, lines 60-67). 

It would have been obvious to one of ordinary skill in the art at the time the invention 
was made to combine the teachings of Colvin within the combined system of Bernardo and 
Kelley to arrive at the invention as claimed because the references are direct to generating 
computer file system content, and the implementation of a random number would enable the 
network system to determine the intervals at which additional file content is generated, further 
increasing the level of security by providing a more realistic deception environment, furthermore 
improving the versatility of the combined systems. 

20. Claim 18 rejected as above in rejecting claim 1, and Bernardo in view of Kelley teach all 
the limitations set forth above in claim 1 . 

Bernardo and Kelly do not explicitly disclose wherein for at least one selected template, 
selecting the at least one data item is a function of (1) a random number and (2) the relative 
probability of occurrence of the at least one data item. 

Colvin disclose a random number and the relative probability of occurrence of each data 
item (see col. 5, lines 22-25; col. 6, lines 60-67 to col. 7, lines 1-5). 

It would have been obvious to one of ordinary skill in the art at the time the invention 
was made to combine the teachings of Colvin within the combined system of Bernardo and 
Kelley to arrive at the invention as claimed because the references are direct to generating 
computer file system content, and the implementation of a random number generator would 
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enable the network system to determine the intervals at which additional file content is 
generated, further increasing the level of security by providing a more realistic deception 
environment, furthermore improving the versatihty of the combined systems. 
21. As to claim 19, Bernardo and Kelley do not explicitly show a pseudo random number . 
generator provides the random number. However, Colvin teaches a pseudo random number 
generator employs a random number (see col. 6, lines 60-67 to col. 7, lines 1-5). It would have 
been obvious to one of ordinary skill in the ait at the time the invention was made to combine 
Bernardo in view of Kelley in further view of Colvin for the same reasons set forth in claim 18 
above. 
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Conclusion 



Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Syed Zia whose telephone number is 571-272-3798. The 
examiner can normally be reached on 9:00 to 5:00. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Ayaz Sheikh can be reached on 571-272-3795. The fax phone number for the 
organization where this application or proceeding is assigned is 703-872-9306, 

Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). 
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